@@ -0,0 +1,49 | |||
|
1 | # Redmine - project management software | |
|
2 | # Copyright (C) 2006-2008 Jean-Philippe Lang | |
|
3 | # | |
|
4 | # This program is free software; you can redistribute it and/or | |
|
5 | # modify it under the terms of the GNU General Public License | |
|
6 | # as published by the Free Software Foundation; either version 2 | |
|
7 | # of the License, or (at your option) any later version. | |
|
8 | # | |
|
9 | # This program is distributed in the hope that it will be useful, | |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
|
12 | # GNU General Public License for more details. | |
|
13 | # | |
|
14 | # You should have received a copy of the GNU General Public License | |
|
15 | # along with this program; if not, write to the Free Software | |
|
16 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |
|
17 | ||
|
18 | require File.dirname(__FILE__) + '/../../../test_helper' | |
|
19 | ||
|
20 | class Redmine::AccessControlTest < Test::Unit::TestCase | |
|
21 | ||
|
22 | def setup | |
|
23 | @access_module = Redmine::AccessControl | |
|
24 | end | |
|
25 | ||
|
26 | def test_permissions | |
|
27 | perms = @access_module.permissions | |
|
28 | assert perms.is_a?(Array) | |
|
29 | assert perms.first.is_a?(Redmine::AccessControl::Permission) | |
|
30 | end | |
|
31 | ||
|
32 | def test_module_permission | |
|
33 | perm = @access_module.permission(:view_issues) | |
|
34 | assert perm.is_a?(Redmine::AccessControl::Permission) | |
|
35 | assert_equal :view_issues, perm.name | |
|
36 | assert_equal :issue_tracking, perm.project_module | |
|
37 | assert perm.actions.is_a?(Array) | |
|
38 | assert perm.actions.include?('issues/index') | |
|
39 | end | |
|
40 | ||
|
41 | def test_no_module_permission | |
|
42 | perm = @access_module.permission(:edit_project) | |
|
43 | assert perm.is_a?(Redmine::AccessControl::Permission) | |
|
44 | assert_equal :edit_project, perm.name | |
|
45 | assert_nil perm.project_module | |
|
46 | assert perm.actions.is_a?(Array) | |
|
47 | assert perm.actions.include?('projects/settings') | |
|
48 | end | |
|
49 | end |
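Review bot: The new test file never looks up a name that is not registered, although `permission` is documented to return nil in that case and `Project.allowed_to_condition` in this same commit branches on that nil. A third case next to `test_no_module_permission` would pin the contract, for example `assert_nil @access_module.permission(:no_such_permission)` (constructed name). Without it, a later change that makes the lookup raise, or return a default object, would alter the SQL visibility filter with no failing test.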
@@ -108,6 +108,12 class Project < ActiveRecord::Base | |||
|
108 | 108 | def self.allowed_to_condition(user, permission, options={}) |
|
109 | 109 | statements = [] |
|
110 | 110 | base_statement = "#{Project.table_name}.status=#{Project::STATUS_ACTIVE}" |
|
111 | if perm = Redmine::AccessControl.permission(permission) | |
|
112 | unless perm.project_module.nil? | |
|
113 | # If the permission belongs to a project module, make sure the module is enabled | |
|
114 | base_statement << " AND EXISTS (SELECT em.id FROM #{EnabledModule.table_name} em WHERE em.name='#{perm.project_module}' AND em.project_id=#{Project.table_name}.id)" | |
|
115 | end | |
|
116 | end | |
|
111 | 117 | if options[:project] |
|
112 | 118 | project_statement = "#{Project.table_name}.id = #{options[:project].id}" |
|
113 | 119 | project_statement << " OR #{Project.table_name}.parent_id = #{options[:project].id}" if options[:with_subprojects] |
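Review bot: In the added block, `perm.project_module` is spliced into the SQL with hand-written quotes, as `em.name='#{perm.project_module}'`. The value appears to come from the permission registry rather than from a request, so it is probably not attacker-controlled, but a module name containing a quote (for example one declared by a plugin) would break the statement. Quoting through the adapter removes that dependency: `em.name=#{connection.quote(perm.project_module.to_s)}`. Separately, when `permission` is not registered, `perm` is nil and the module check is skipped silently, so a mistyped permission name yields a wider condition than intended; a comment stating that this is deliberate, or a logged warning, would help. The body of `allowed_to_condition` continues outside the hunk, so the role checks that follow are not visible here.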
@@ -277,7 +277,7 class Query < ActiveRecord::Base | |||
|
277 | 277 | elsif project |
|
278 | 278 | project_clauses << "#{Project.table_name}.id = %d" % project.id |
|
279 | 279 | end |
|
280 |
project_clauses << Project. |
|
|
280 | project_clauses << Project.allowed_to_condition(User.current, :view_issues) | |
|
281 | 281 | project_clauses.join(' AND ') |
|
282 | 282 | end |
|
283 | 283 |
@@ -30,8 +30,15 module Redmine | |||
|
30 | 30 | @permissions |
|
31 | 31 | end |
|
32 | 32 | |
|
33 | # Returns the permission of given name or nil if it wasn't found | |
|
34 | # Argument should be a symbol | |
|
35 | def permission(name) | |
|
36 | permissions.detect {|p| p.name == name} | |
|
37 | end | |
|
38 | ||
|
39 | # Returns the actions that are allowed by the permission of given name | |
|
33 | 40 | def allowed_actions(permission_name) |
|
34 |
perm = |
|
|
41 | perm = permission(permission_name) | |
|
35 | 42 | perm ? perm.actions : [] |
|
36 | 43 | end |
|
37 | 44 | |
@@ -94,6 +101,7 module Redmine | |||
|
94 | 101 | @actions << "#{controller}/#{actions}" |
|
95 | 102 | end |
|
96 | 103 | end |
|
104 | @actions.flatten! | |
|
97 | 105 | end |
|
98 | 106 | |
|
99 | 107 | def public? |
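Review bot: `permission(name)` in the first hunk matches with `p.name == name`, so a String argument never matches a registered name (names appear to be symbols, as the new unit test asserts `:view_issues`) and the method returns nil. That nil is not an error for the callers visible on this page: `allowed_actions` turns it into `[]`, and `Project.allowed_to_condition` treats it as "no module to check". The comment asks for a symbol but nothing enforces it; comparing on a normalised form, `permissions.detect {|p| p.name.to_s == name.to_s}`, would remove the silent mismatch.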
@@ -43,4 +43,16 enabled_modules_011: | |||
|
43 | 43 | name: issue_tracking |
|
44 | 44 | project_id: 2 |
|
45 | 45 | id: 11 |
|
46 | enabled_modules_012: | |
|
47 | name: time_tracking | |
|
48 | project_id: 3 | |
|
49 | id: 12 | |
|
50 | enabled_modules_013: | |
|
51 | name: issue_tracking | |
|
52 | project_id: 3 | |
|
53 | id: 13 | |
|
54 | enabled_modules_014: | |
|
55 | name: issue_tracking | |
|
56 | project_id: 5 | |
|
57 | id: 14 | |
|
46 | 58 | No newline at end of file |
@@ -62,6 +62,17 class IssuesControllerTest < Test::Unit::TestCase | |||
|
62 | 62 | assert_no_tag :tag => 'a', :content => /Issue of a private subproject/ |
|
63 | 63 | assert_no_tag :tag => 'a', :content => /Issue on project 2/ |
|
64 | 64 | end |
|
65 | ||
|
66 | def test_index_should_not_list_issues_when_module_disabled | |
|
67 | EnabledModule.delete_all("name = 'issue_tracking' AND project_id = 1") | |
|
68 | get :index | |
|
69 | assert_response :success | |
|
70 | assert_template 'index.rhtml' | |
|
71 | assert_not_nil assigns(:issues) | |
|
72 | assert_nil assigns(:project) | |
|
73 | assert_no_tag :tag => 'a', :content => /Can't print recipes/ | |
|
74 | assert_tag :tag => 'a', :content => /Subproject issue/ | |
|
75 | end | |
|
65 | 76 | |
|
66 | 77 | def test_index_with_project |
|
67 | 78 | Setting.display_subprojects_issues = 0 |
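Review bot: `test_index_should_not_list_issues_when_module_disabled` depends on which fixture issue belongs to which project, and that is not readable from the test body. A one-line comment above the assertions would make the intent clear, e.g. `# issue_tracking is removed from project 1 only: its issues must vanish from the cross-project list, other projects' issues must stay`. Presumably "Can't print recipes" is an issue of project 1 and "Subproject issue" belongs to a project that still has the module enabled; this should be confirmed against the issues fixture.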